
I have a website that is not supposed to be open to the public and the URL is hidden.

Currently, I use Comodo certs to do the SSL, but I'm wondering, since only approved devices should be accessing it, whether it makes sense to use a self-signed certificate. Is there any danger to this? I control all the end users' computers, so I could easily install the cert in their browsers.

The end users are in multiple countries accessing through the internet.

schroeder
Kilisi
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/111392/discussion-between-steffen-ullrich-and-kilisi). – Steffen Ullrich Aug 04 '20 at 06:48
  • A closed system with no access to the internet appears to be, by definition, a LAN. Can you explain how users access it from the Internet? – schroeder Aug 04 '20 at 07:33
  • ... So, you just have a website. And you *hope* that other people don't find it. All the rest of the networking details you provide don't appear to be relevant, then. I'm still very confused about your wording: you say that ***since*** it is a closed system, whether it makes sense to use a self-signed cert. Why does this make sense to you? What goal are you trying to achieve? – schroeder Aug 04 '20 at 07:38
  • @schroeder ok, my English isn't great, I meant closed in that it's a work tool, not for public access. Login screen, two point user verification, logging IPs, etc. Can't do MAC addresses and things like that or it would be too unfriendly in emergencies, but SSL cert installation would be easy enough. – Kilisi Aug 04 '20 at 07:41
  • @schroeder the goal I'm trying to achieve is if possible and still secure to cut the cost and maintenance of purchasing SSL certificates by generating my own. From research it's unclear to me if it would actually make the sites more secure or not. – Kilisi Aug 04 '20 at 07:43
  • MAC addresses don't survive the first router, so that's not a viable option anyway. Are you aware of the inherent security issues with self-signed certificates? – schroeder Aug 04 '20 at 07:48
  • @schroeder only in terms of man-in-the-middle scenarios, but I'm not sure I quite grasp how they affect my scenario, hence the question – Kilisi Aug 04 '20 at 07:50
  • Because *the Internet* is in the middle – schroeder Aug 04 '20 at 07:52
  • @schroeder I get that, it's also in the middle of a Comodo certificate... difference is I don't need random people accessing – Kilisi Aug 04 '20 at 07:53
  • Please look up the benefits of a Certificate Authority and the dangers of self-signed certs. CAs are not about "random people". – schroeder Aug 04 '20 at 08:06
  • @schroeder I HAVE looked them up, I spent a couple of hours today wading through McAfee's and others' ideas on the matter. To me self-signed looks fine, I came here to see if others thought differently. If you don't know the answer, please leave the question for others to look at. – Kilisi Aug 04 '20 at 08:08
  • I have now provided a duplicate that answers *what you have asked*. If it doesn't meet your needs, please edit your question to include relevant details about specifics about what you are concerned about. – schroeder Aug 04 '20 at 08:18
  • @schroeder Oh great, thanks for that. Is an internal site (in the linked question) one that goes through the internet? I'm unclear on that – Kilisi Aug 04 '20 at 08:20
  • @Kilisi: "internal" in the context of the linked question means "not public". It does not matter for the question and answers if the site is accessible from the internet or not. What matters here is if the intended audience is the public internet (i.e. should be accessible from arbitrary computers) or not. – Steffen Ullrich Aug 04 '20 at 13:40
  • @SteffenUllrich thanks, I decided that's what it meant and am now happily working with self-signed certs. Bit of a mission getting Chrome to play nice, but it all ended well. My understanding is security is a bit tighter now with no 3rd party in the middle. – Kilisi Aug 04 '20 at 22:59

0 Answers